At the RSA Security Conference 2020 in San Francisco, security researchers from Slovak antivirus company ESET disclosed a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air.
The newly discovered bug, named Kr00k, is said to affect devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), as well as access points from Asus and Huawei. By exploiting Kr00k, an attacker can decrypt some of the Wi-Fi network traffic carried over WPA2 connections.
Broadcom and Cypress make two of the world’s most widely used Wi-Fi chipsets, found in almost every kind of electronic device: laptops, mobile phones, access points, smart speakers and countless other IoT devices. Kr00k therefore affects all of these devices, since each of them contains one of these Wi-Fi chips.
Reports state that more than a billion devices are affected by Kr00k, and even that figure is described as “a conservative estimate.”
On the brighter side, Kr00k affects only connections that use the WPA2-Personal or WPA2-Enterprise Wi-Fi security protocols with AES-CCMP encryption.
For the past few months, ESET researchers have been working with Broadcom, Cypress and the other affected companies to get the Kr00k bug fixed.
Recently, ESET researchers stated, “According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication.”
“Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple, and Windows devices; some IoT devices), but may require a firmware update (access points, routers, and some IoT devices).”
The bug is tracked under the identifier CVE-2019-15126. Using this ID, users can quickly check whether their devices have received Kr00k patches.
An important point about Kr00k, however, is that the flaw does not lead to a full compromise of a user’s communications. It can only be exploited to break the encryption that protects the Wi-Fi channel itself. If the user’s traffic was also encrypted at a higher layer, for instance when browsing websites over HTTPS, using Tor, or using encrypted IM clients, those communications remain protected even when the Wi-Fi encryption is broken.
Furthermore, the vulnerability cannot be used as part of automated botnet attacks, it requires physical proximity to the target (within Wi-Fi network range), and an attacker cannot capture large or long-running communication streams without the user noticing problems with their Wi-Fi.